fixed race condition with openssl 3.2.0

This commit is contained in:
orignal 2023-12-30 15:55:53 -05:00
parent 69ee6112b3
commit 302af823a3
2 changed files with 25 additions and 15 deletions

View File

@ -18,12 +18,10 @@ namespace crypto
EDDSA25519Verifier::EDDSA25519Verifier ():
m_Pkey (nullptr)
{
m_MDCtx = EVP_MD_CTX_create ();
}
EDDSA25519Verifier::~EDDSA25519Verifier ()
{
EVP_MD_CTX_destroy (m_MDCtx);
EVP_PKEY_free (m_Pkey);
}
@ -35,8 +33,17 @@ namespace crypto
bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len);
if (m_Pkey)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, m_Pkey);
auto ret = EVP_DigestVerify (ctx, signature, 64, buf, len);
EVP_MD_CTX_destroy (ctx);
return ret;
}
else
LogPrint (eLogError, "EdDSA verification key is not set");
return false;
}
#else
@ -101,7 +108,7 @@ namespace crypto
#if OPENSSL_EDDSA
EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
m_MDCtx (nullptr), m_Pkey (nullptr), m_Fallback (nullptr)
m_Pkey (nullptr), m_Fallback (nullptr)
{
m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
uint8_t publicKey[EDDSA25519_PUBLIC_KEY_LENGTH];
@ -111,30 +118,35 @@ namespace crypto
{
LogPrint (eLogWarning, "EdDSA public key mismatch. Fallback");
m_Fallback = new EDDSA25519SignerCompat (signingPrivateKey, signingPublicKey);
EVP_PKEY_free (m_Pkey);
m_Pkey = nullptr;
}
else
m_MDCtx = EVP_MD_CTX_create ();
}
EDDSA25519Signer::~EDDSA25519Signer ()
{
if (m_Fallback) delete m_Fallback;
EVP_MD_CTX_destroy (m_MDCtx);
EVP_PKEY_free (m_Pkey);
if (m_Pkey) EVP_PKEY_free (m_Pkey);
}
void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
if (m_Fallback) return m_Fallback->Sign (buf, len, signature);
else
if (m_Fallback)
return m_Fallback->Sign (buf, len, signature);
else if (m_Pkey)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
size_t l = 64;
uint8_t sig[64]; // temporary buffer for signature. openssl issue #7232
EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
if (!EVP_DigestSign (m_MDCtx, sig, &l, buf, len))
EVP_DigestSignInit (ctx, NULL, NULL, NULL, m_Pkey);
if (!EVP_DigestSign (ctx, sig, &l, buf, len))
LogPrint (eLogError, "EdDSA signing failed");
memcpy (signature, sig, 64);
EVP_MD_CTX_destroy (ctx);
}
else
LogPrint (eLogError, "EdDSA signing key is not set");
}
#endif
}

View File

@ -304,7 +304,6 @@ namespace crypto
private:
#if OPENSSL_EDDSA
EVP_MD_CTX * m_MDCtx;
EVP_PKEY * m_Pkey;
#else
EDDSAPoint m_PublicKey;
@ -342,7 +341,6 @@ namespace crypto
private:
EVP_MD_CTX * m_MDCtx;
EVP_PKEY * m_Pkey;
EDDSA25519SignerCompat * m_Fallback;
};